
Exam SY0-701 topic 1 question 198 discussion

Actual exam question from CompTIA's SY0-701
Question #: 198
Topic #: 1

The Chief Information Security Officer (CISO) at a large company would like to gain an understanding of how the company's security policies compare to the requirements imposed by external regulators. Which of the following should the CISO use?

  • A. Penetration test
  • B. Internal audit
  • C. Attestation
  • D. External examination
Suggested Answer: B

Comments

01a4c2e
Highly Voted 5 months, 2 weeks ago
Selected Answer: B
Ty13
2 weeks, 2 days ago
Selected Answer: B
B. Internal Audit. I know people want to select D because... it sounds right. External audit to compare against external regulations. But there's a part being overlooked: "would like to gain an understanding". Which you don't NEED a third party to confirm, because the company already KNOWS those regulations. But you WOULD need an external audit if there was a large breach and the regulatory agencies wanted to know how it happened. What is being asked, effectively, is "Can an internal audit team verify that we meet external regulations?"
upvoted 7 times
ETQ
5 months, 1 week ago
This literally doesn't make any sense. Then you can say the same for pentests and everything else. Oh, why hire an external person to check on your security, just do an internal pentest! If you want to actually check and be sure about regulations, you'll always hire a company that specializes in it. "Can an internal audit team verify that we meet external regulations?" The answer is maybe, but you'll never be sure. If they overlook something, your audit will be useless.
upvoted 3 times
Rackup
Most Recent 2 months ago
Selected Answer: D
Answer: D. External examination Explanation: An external examination is the best approach for the CISO to gain an understanding of how the company's security policies compare to the requirements imposed by external regulators. This process typically involves an external party, such as a third-party auditor or regulatory body, reviewing the company's security policies and controls to ensure they align with industry regulations and standards. While internal audits (B) assess the company's internal controls and practices, external examinations provide an unbiased review from an external perspective, which is essential for understanding compliance with external regulatory requirements.
upvoted 1 times
ijia_Ai0823
2 months ago
Selected Answer: B
In my opinion, it's Internal audit. It's more likely to be a sequential thing (based on an ISO 9001 external audit I experienced before). A company usually does an internal audit before proceeding to an external audit, because an external audit must have authorized third-party auditors and it can be quite costly to be certified by them that your company is qualified. In most cases, the auditors may conclude with some corrective actions (like a CAR) that your company needs to finish. After the correction report is submitted and validated by the auditors, your company can receive the approved certification.
upvoted 1 times
Suga_1
2 months, 3 weeks ago
The correct answer is: C. Attestation. Explanation: Attestation: This involves an independent third party verifying that the company's security policies, processes, or systems meet the requirements imposed by external regulations. Attestations are often used to demonstrate compliance with regulatory frameworks and standards such as SOC 2, ISO 27001, or GDPR.
upvoted 1 times
laternak26
3 months, 2 weeks ago
Selected Answer: B
An internal audit is a comprehensive evaluation of a company's operations, processes, and policies to ensure they are compliant with internal standards as well as external regulations. In the context of comparing the company's security policies to external regulatory requirements, an internal audit would be the most appropriate tool. It involves reviewing and assessing the security measures and procedures in place and determining how well they align with legal and regulatory requirements, ensuring that the company meets compliance standards. Why not D. External examination: An external examination is typically performed by third-party auditors or regulators to assess compliance with external standards and regulations. While it can provide valuable insights into regulatory adherence, it is not the best tool for an internal review by the CISO. An internal audit allows the CISO to assess the company's own security policies and their alignment with external regulations before seeking an external review.
upvoted 2 times
ProudFather
3 months, 4 weeks ago
Selected Answer: D
D. External examination An external examination by a qualified third-party auditor can provide an objective assessment of the company's security practices against industry standards and regulatory requirements. This can help the CISO identify any gaps or weaknesses in the company's security posture and take corrective action. The other options are not as suitable:
upvoted 2 times
e2ba0ff
4 months, 1 week ago
Selected Answer: B
Vendor's self-assessment of practices against industry or organizational requirements.
upvoted 2 times
Murtuza
5 months, 2 weeks ago
Selected Answer: D
Between the two options, D. External examination is the most suitable for understanding how the company’s security policies compare to external regulatory requirements. An external examination involves an independent review by an external party, providing an objective assessment of the company’s compliance with regulatory standards. This ensures that the evaluation is unbiased and thorough, which is crucial for regulatory compliance.
upvoted 2 times
nillie
6 months ago
Selected Answer: B
The CISO should use: B. Internal audit An internal audit is a structured assessment of the company's security policies, processes, and controls to ensure they meet both internal standards and external regulatory requirements. This will help the CISO understand how well the company's security policies align with the requirements imposed by regulators.
upvoted 2 times
Ty13
6 months ago
Selected Answer: B
B. Internal Audit. I know people want to select D because... it sounds right. External audit to compare against external regulations. But there's a part being overlooked: "would like to gain an understanding". Which you don't NEED a third party to confirm, because the company already KNOWS those regulations. But you WOULD need an external audit if there was a large breach and the regulatory agencies wanted to know how it happened. What is being asked, effectively, is "Can an internal audit team verify that we meet external regulations?"
upvoted 2 times
RIDA_007
6 months, 1 week ago
Selected Answer: D
An external examination (also known as an external audit or external review).
upvoted 1 times
NONS3c
6 months, 2 weeks ago
Selected Answer: B
Even GPT said B.
upvoted 1 times
Cyber_Texas
7 months ago
D. External examination is best here.
upvoted 1 times
myazureexams
7 months ago
Selected Answer: D
It is D, period. And for the exam, make the association "external with external". Done.
upvoted 4 times
Glacier88
7 months, 1 week ago
Selected Answer: D
External examination: An external examination, conducted by an independent third party, can provide an objective assessment of the company's security policies and practices against external regulatory requirements. This can help the CISO identify any gaps or areas for improvement.
Penetration test: While penetration tests can identify vulnerabilities in the company's security infrastructure, they don't directly assess compliance with external regulations.
Internal audit: Internal audits can assess the company's adherence to internal policies and procedures, but they might not provide a comprehensive view of compliance with external regulations.
Attestation: Attestation is a formal process of providing assurance about a specific claim or assertion. While it might involve compliance with regulations, it doesn't necessarily provide a full assessment of the company's security policies and practices.
upvoted 1 times
baronvon
7 months, 1 week ago
Selected Answer: B
B. Internal audit An internal audit allows the CISO to assess how the company's security policies align with the requirements imposed by external regulators. This process involves reviewing and evaluating the company's policies, procedures, and controls to ensure compliance with regulatory standards.
upvoted 3 times
Dlove
7 months, 2 weeks ago
Selected Answer: D
D. External Examination An external examination involves a review or assessment conducted by an independent third party, often to evaluate how an organization's policies, procedures, and practices align with regulatory requirements or industry standards. This process is crucial for identifying gaps between the company’s internal security policies and the requirements imposed by external regulators. It provides the CISO with an unbiased understanding of the organization’s compliance status.
upvoted 1 times